Customers given choice: pen or pin

PM - Tuesday, 3 June , 2008 18:43:00

Reporter: Ashley Hall

When you buy something with EFTPOS, you key in your personal identification number, or PIN. When you use your card as a credit card, you sign a bit of paper.

But with concern about forged signatures, that's starting to change.

Credit card issuers are offering customers the choice of signing a form or keying in a PIN when they make a purchase.

Ashley Hall reports.

CASHIER: How are you paying?

CUSTOMER: Credit.

CASHIER: Credit.

ASHLEY HALL: On average, Australian shoppers charge about $17.5-billion in goods and services to credit cards every month.

All it takes is a quick swipe of the card through the machine, and a flourish of a pen to secure the transaction.

But security experts say signatures are easy to forge, and merchants rarely check to make sure they're authentic.

Geoff Noble is a banking and finance specialist with the IT security firm, RSA security.

GEOFF NOBLE: That's my experience and that's the evidence of all the reports that we see. And the outcome of all of that is that all of the banks and issuers of cards are spending lots of time investigating false-positive transactions where people challenging whether it was them that was present or not.

ASHLEY HALL: Worried about an increase in credit card fraud in the UK, card issuers have adopted an extra layer of security in the past few years.

They've given each cardholder a PIN which matches a number encrypted on a memory chip on the card.

As a result total card fraud losses fell by three per cent in 2006.

GEOFF NOBLE: Anywhere where there's a smartcard reader, you're up to a second factor of authentication that will wipe out all attempts of fraudulent where it was just a scribbly line that frankly I don't see being check that often.

ASHLEY HALL: It's a system that's on its way to Australia from tomorrow.

SIMON GREIG: It's not a anti-fraud mechanism, it's a choice option assisting the areas where for maybe purposes of speed, it's more efficient to use a PIN rather than signing the card voucher at the point of sale.

ASHLEY HALL: And, at this stage, customers will retain the choice of using a pen or a PIN.

So, even if a customer wants to use a PIN it won't stop a thief from using the card with a forged signature.

SIMON GREIG: We would think in some instances PINs will be very unlikely to be used, for example, in restaurants or those sorts of locations, where in others such as supermarkets or petrol stations, it might become the predominant option.

ASHLEY HALL: The Australian Payments and Clearing Association says for every 100,000 transactions using credit cards in Australia, only about 17 are fraudulent.

So, it's not considered cost-effective to upgrade the hundreds of thousands of card readers throughout Australia.

The so-called chip and PIN security measures don't come without some concern.

Some security experts are worried that there'd be an increase in muggings, with robbers resorting to physical attacks if credit card fraud becomes too difficult.

Geoff Noble says it's imperative to keep the PIN secret.

GEOFF NOBLE: I don't know about yourself, but the concept of a skeleton PIN might be in use as it was for a skeleton password years ago where you used one password to get your many places, and that's a bit of a risk that it becomes a bit of a laissez faire attitude to that PIN.

ASHLEY HALL: But the chip and PIN system, if it were made mandatory, wouldn't secure all credit card purchases.

It wouldn't bring piece of mind to shoppers making purchases on the internet or the phone.

Geoff Noble says they should be vigilant before handing over their credit details.

GEOFF NOBLE: If somebody wants your credit card number, and you think that it's a safe site to do that, that's all well and good. But then when they ask you numbers like, what's your PIN and your mother's maiden name, what your date of birth, these are secondary and tertiary points where you should consider whether you want to transact with these guys.

ASHLEY HALL: And, if you do, he says, no chip or PIN would protect you.